CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 1CVE-2015-3693 – Rowhammer - NaCl Sandbox Escape
https://notcve.org/view.php?id=CVE-2015-3693
01 Jul 2015 — Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not properly set refresh rates for DDR3 RAM, which might make it easier for remote attackers to conduct row-hammer attacks, and consequently gain privileges or cause a denial of service (memory corruption), by triggering certain patterns of access to memory locations. Apple Mac EFI anterior a 2015-001, utilizado en OS X anterior a 10.10.4 y otros productos, no configura correctamente los indices actualizados para DDR3 RAM... • https://www.exploit-db.com/exploits/36311 • CWE-254: 7PK - Security Features •
CVSS: 8.8EPSS: 2%CPEs: 24EXPL: 0CVE-2015-3659 – SQLite Default Value Authorization Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-3659
01 Jul 2015 — The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. El autorizador SQLite en la funcionalidad Storage en WebKit en Apple Safari anterior a 6.2.7, 7.x anterior a 7.1.7, y 8.x anterior a 8.0.7, utilizad... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3698 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3698
01 Jul 2015 — Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702. Desbordamiento de buffer en Intel Graphics Driver en Apple OS X anterior a 10.10.4 permite a usuarios locales ganar privilegios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-3695, CVE-2015-3696, CVE-201... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3695 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3695
01 Jul 2015 — Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702. Desbordamiento de buffer en Intel Graphics Driver en Apple OS X anterior a 10.10.4 permite a usuarios locales ganar privilegios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-3696, CVE-2015-3697, CVE-201... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-3710 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3710
01 Jul 2015 — Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh operation, and consequently cause a visit to an arbitrary web site, via a crafted HTML e-mail message. Mail en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4 permite a atacantes remotos provocar una operación de actualización, y como consecuencia causar una visita a un sitio web arbitrario, a través de un mensaje de email HTML manipulado. OS X Yosemite 10.10.4 and Security Update 2015-005 are now available ... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html • CWE-254: 7PK - Security Features •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3708 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3708
01 Jul 2015 — kextd in kext tools in Apple OS X before 10.10.4 allows attackers to write to arbitrary files via a crafted app that conducts a symlink attack. kextd en kext tools en Apple OS X anterior a 10.10.4 permite a atacantes escribir en ficheros arbitrarios a través de una aplicación manipulada que realiza un ataque de enlace simbólico. OS X Yosemite 10.10.4 and Security Update 2015-005 are now available and address privilege escalation, arbitrary code execution, access bypass, and various other vulnerabilities. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html •
CVSS: 8.8EPSS: 5%CPEs: 2EXPL: 0CVE-2015-3685 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3685
01 Jul 2015 — CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3686, CVE-2015-3687, CVE-2015-3688, and CVE-2015-3689. CoreText en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero de texto manipulado, una vulnerabil... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 10%CPEs: 1EXPL: 0CVE-2015-3680 – Apple OS X DFont FOND Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-3680
01 Jul 2015 — Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3679, CVE-2015-3681, and CVE-2015-3682. Apple Type Services (ATS) en Apple OS X anterior a 10.10.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero manipulado, una vulnerabilidad diferente a CVE-2015-3679... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 35%CPEs: 2EXPL: 0CVE-2015-3669 – Apple QuickTime SGI Image File Heap Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-3669
01 Jul 2015 — QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3664 and CVE-2015-3665. QT Media Foundation en Apple QuickTime anterior a 7.7.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero manipulado, una vulnerabilidad diferente a CVE-2015-3664 y CVE-2015-3665. This vuln... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 5%CPEs: 2EXPL: 0CVE-2015-3689 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3689
01 Jul 2015 — CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3688. CoreText en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero de texto manipulado, una vulnerabil... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •